Date: Fri, 10 Feb 2017 16:09:12 +0000
From: John Haxby <john.haxby@...cle.com>
To: oss-security@...ts.openwall.com
Subject: Re: MITRE is adding data intake to its CVE ID process
On 10/02/17 15:40, Priedhorsky, Reid wrote:
> To more efficiently assign and publish CVE IDs and to enable
> automation and data sharing within CVE operations, MITRE is changing
> the way it accepts CVE ID requests on the oss-security mailing list.
> Starting today, please direct CVE ID requests to this web form
> <https://cveform.mitre.org/>
>
> I’ve been using the CVE requests on oss-security to maintain a reasonably comprehensive and timely list of vulnerabilities for specific products. It’s not clear to me how to do this when CVE requests happen offline in a web form.
>
> Has this use case been considered? Is there an alternate way to accomplish my goal?
I'm glad someone else mentioned this -- I've been wondering too.
What would be nice is if the web form forwarded the request and CVE-ID
(suitably formatted) to oss-security or a similar list.
jch